Hello. While replacing a user's computer, we logged in as her on the new computer and received an error stating the home drive cannot be mapped or it is missing. We looked on the server drive and noticed she didn't have a personal home folder share on the server. She had a personal home folder configured in AD but presumably every time she logged in she received the same error stating the drive couldn't be mapped and never complained. She must have continued to save files for months or even years somewhere on the laptop in a local cached area or something of the sort.

Well, we created the home folder and we logged in as her and the home folder mapped properly. Well now everything that was in her documents has gone missing. Can we kiss those documents goodbye or can we get them back?

Ask any questions you may have if I am not explaining this clearly but I think you get the hint.

Thanks

Hi Team,

 I Need your help ..

Do i need to purchase CAL for the each user/computer adding to Active directory.

Thanks

Hi All,

I have many users facing issue with active directory accounts getting locked out frequently.

We have the Dell Change auditor to pull the lockout report, that shows the lockout cause to be the ADFS servers in our environment. But on the ADFS servers, we are unable to find any relative securit audit logs.

Does anyone else face such a similar problem? What are the steps taken to find the lockout cause and fix the issue?

Hello Experts,

We have 4 sites on which we have local domain controllers , yesterday on one site the link broken and head office & branch site disconnected so as link goes down the connectivity between local domain controller stopped with other domain controllers.

But unfortunately user at branch site are not able to login/ authenticate  via thier domain id and below error comes

The password is incorrect. Try again."

Although AD Admin account not able to login on branch local domain and password error comes.

How can i troubleshoot this issue.

Dear support team,

I have one issue with My website www.test.com

My environment have  DC and exchange server and share point

Domain name :test.com

1.Web site address: www.test.com

2.website address: http://test.com

I already add host record for www.test.com with my static ip address in DNS record

I can browse www.test.com in locallly and outside

But i couldnt able to browse http://test.com in locally 

please give me support for this

Dear All

My Tree active directory crashed with no backup and I need to re promote a new one to the forest with the same tree name but it keep give me its invalid format

I did clean the meta data and delete the site but still the same any help please

Best regards

Dear All

My Tree active directory crashed with no backup and I need to re promote a new one to the forest with the same tree name but it keep give me its invalid format

I did clean the meta data and delete the site but still the same any help please

Best regards

Hello,

I have set up 3 servers. each with a specific purpose. 
1 server runs as DC & database, 1 Webservices and 1 Mail server.
All services works correctly.

But the issue is, while the Domain controller can ping both servers fine, and the servers the DC. they cannot cross ping to each other. Firewall is disabled. DNS is configured fine. Any thoughts on this? 

regards,

Dave

Hello all. We are currently running a Windows Server 2003 ADDC as a virtual machine on a Windows Server 2012 host using Hyper-V. We have recently added a second Windows Server 2012 ADDC also as a Hyper-V VM. I promoted the 2k12 to a DC, transferred all FMOS roles, and tested AD replication. All AD data was replicated fine. However a DCDIAG (the results of which I have attached to this post) show a few errors.

First off, it is failing the advertising test. This is more than likely due to a DNS error. Unfortunately, I can not seem to find the error within the DNS to resolve it. 

Secondly, it is failing the KccEvent test; also seeming as a DNS related error.

Thirdly, both SYSVOL and NETLOGON shares were not successfully replicated. This is likely the basis for the other issues. Without these successfully replicated, I can not demote the 2K3 server; which is the goal in the end, to replace the old server with the new. 

I am willing to try just about anything, so any suggestions would be greatly appreciated. As for what I have tried, I have tried a non-authoritative restore using burr flags with no success. I CAN ping both DCs from each other ensuring connectivity. All users can currently log on to the server (due to the fact that the 2K3 server is still running and still holds the SYSVOL and NETLOGON shares).

Once again, any help would be greatly appreciated! Thank you in advance!

DCDIAG Output:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = RETIRED2012

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests


   Testing server: Default-First-Site\RETIRED2012

      Starting test: Connectivity

         ......................... RETIRED2012 passed test Connectivity



Doing primary tests


   Testing server: Default-First-Site\RETIRED2012

      Starting test: Advertising

         Warning: DsGetDcName returned information for

         \\retired1.RetireFirst.local, when we were trying to reach

         RETIRED2012.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... RETIRED2012 failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... RETIRED2012 passed test FrsEvent

      Starting test: DFSREvent

         ......................... RETIRED2012 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... RETIRED2012 passed test SysVolCheck

      Starting test: KccEvent

         An error event occurred.  EventID: 0xC0000827

            Time Generated: 08/09/2013   22:08:34

            Event String:

            Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.


         A warning event occurred.  EventID: 0x80000677

            Time Generated: 08/09/2013   22:10:02

            Event String:

            Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.


         An error event occurred.  EventID: 0xC0000466

            Time Generated: 08/09/2013   22:10:06

            Event String:

            Active Directory Domain Services was unable to establish a connection with the global catalog.


         ......................... RETIRED2012 failed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... RETIRED2012 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... RETIRED2012 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... RETIRED2012 passed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\RETIRED2012\netlogon)

         [RETIRED2012] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... RETIRED2012 failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... RETIRED2012 passed test ObjectsReplicated

      Starting test: Replications

         ......................... RETIRED2012 passed test Replications

      Starting test: RidManager

         ......................... RETIRED2012 passed test RidManager

      Starting test: Services

         ......................... RETIRED2012 passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 08/09/2013   22:06:48

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'RetireFirst.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).


         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 08/09/2013   22:06:49

            Event String:

            Name resolution for the name _ldap._tcp.Default-First-Site._sites.dc._msdcs.RetireFirst.local. timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x00001696

            Time Generated: 08/09/2013   22:07:44

            Event String:

            Dynamic registration or deregistration of one or more DNS records failed with the following error:


         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 08/09/2013   22:07:51

            Event String:

            Name resolution for the name retired1.RetireFirst.local timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 08/09/2013   22:08:23

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.RetireFirst.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 08/09/2013   22:08:35

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.RetireFirst.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).


         An error event occurred.  EventID: 0x0000041E

            Time Generated: 08/09/2013   22:08:45

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x00000423

            Time Generated: 08/09/2013   22:08:53

            Event String:

            The DHCP service failed to see a directory server for authorization.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 08/09/2013   22:10:04

            Event String:

            Name resolution for the name isatap timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 08/09/2013   22:10:08

            Event String:

            Name resolution for the name e45ad288-70ff-4d9e-adf9-3035e459e126._msdcs.RetireFirst.local timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 08/09/2013   22:10:21

            Event String:

            Name resolution for the name _ldap._tcp.Default-First-Site._sites.dc._msdcs.RetireFirst.local. timed out after none of the configured DNS servers responded.

         An error event occurred.  EventID: 0x00000423

            Time Generated: 08/09/2013   22:11:14

            Event String:

            The DHCP service failed to see a directory server for authorization.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 08/09/2013   22:13:45

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         ......................... RETIRED2012 failed test SystemLog

      Starting test: VerifyReferences

         ......................... RETIRED2012 passed test VerifyReferences



   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation


   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation


   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation


   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation


   Running partition tests on : RetireFirst

      Starting test: CheckSDRefDom

         ......................... RetireFirst passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... RetireFirst passed test CrossRefValidation


   Running enterprise tests on : RetireFirst.local

      Starting test: LocatorCheck

         ......................... RetireFirst.local passed test LocatorCheck

      Starting test: Intersite

         ......................... RetireFirst.local passed test Intersite

Hello Support,

Currently we have using o365 email account and ad server 2012. how we can start configuration adfs with server 2012 step by step.  

I have active directory integrated CA server. Some of my applications running with Internal CA Certificate.

CA server validity going to expiry. How to extend the CA server validity.

Active Directory = windows server 2012.

Hello,

we recently created a new site for our dmz and deployed in it an rodc.

using a user that is allowed to replicate his credentials, I have logged on a server in the new site, and from the command prompt entered the command 'echo %logonserver%', which showed the logon server to be a rwdc from a different site.

I have made sure replication and subnet configuration are correct and returning successful results on diagnostic tests.

using the command 'nltest /dsgetsite' returns the correct site but the command 'nltest /DSGETDC:<domain>' showed that the dc being served is an rwdc from a different site.

what am I doing wrong?

The backup application of windows Phone 8.1 make a backup to OneDrive (but I can't find it there).

Now a need to restore the bacup, but I can't make it happened.

The backup app asked for shut off the app en enable again, but this don't help.

What to do?

last several days I have see several of our accounts getting locked out, and both netwrix lockout examiner, event viewer, and the lockout status tool only point me to name of workstation\called computer name (SHIELD) that should not exist on our network.

I do not see SHIELD in DNS, DHCP, cannot ping it.

I have gone through the event viewer on my primary PDC, as that is the one the lockout is pointing to, but cannot find anything that has an IP address to help me locate where this is coming from.

any additional tools I could use?

below is what I find in event viewer:

Subject:
Security ID:SYSTEM
Account Name:PRIMARYDOMAINCONTROLLER$
Account Domain:MYDOMAIN
Logon ID:0x3e7

Account That Was Locked Out:
Security ID:MYDOMAIN\helpdesk
Account Name:helpdesk

Additional Information:
Caller Computer Name:SHIELD

Good morning all.

I would like to ask some questions, i am newer to DFS implementation.

I currently have one main site and a branch office, connected via VPN.

The WAN link often goes down or very very slow, so wo wold like to implement a DFS, with a node implemented on the branch office.

I cannot use the branchcache feature because the server in the main site is a 2008, not R2. I would like to know if I am on the right way.

First i will deploy the new server on the main site, join into the domain as a member and synchronize the data between the two servers.

After i will create the new AD site, bring the new server at the branch office, make it a domain controller and create the DFS structure and replication.

Is this procedure correct?

Thanks in advance.

Regards,

Luca

Hello,

I have two domain windows server 2008 in my organization.

There are 20 users in one domain and 20 users in other domain.

Both team has different subnet.

Team A : 192.168.0.1  ( 255.255.255.0)  - Domainone.com

Team B : 192.168.1.1   ( 255.255.255.0) - Domaintwo.com

I need that all of my users can sit anywhere if their original pc is down. Since all users can not communicate because both are on different subnet.

Please suggest how can I make it possible and everyone can seat anywhere.

Thanks you in advance :-)

Hi Gang,

We are in the process of interest migration. We have are migrating from our source forest to the new target forest. Source/domain is bound to a forest and domain levels of 2003. Target forest/domain has forest and domain levels of 2012 R2.

We noticed that with distribution lists and users with email addresses aren't fully migrated. Sure the groups and users are migrated with SID history and so on but not any of their emails. 

We have yet to deploy an exchange server on the target domain. The reason being that we have 365 but still are using DirSync with an Exchange 2003 box in the source domain.

How do we deal with this? Should we get rid of the Exchange 2003 box? Some forums suggest ADMT does not migrate Exchange objects whereas others say it does. Could you please help us!!!!!

Thanks,

Daniel

Hi,

I am facing an issue moving computer object from computer container to another OU using powershell script.While I am using the script I am getting the error"Move-ADObject : The operation could not be performed because the object's parent is either uninstantiated or deleted ".But I am able to move this object manually without any issue. Also noticed that using the same script I am able to move the computer object from other OU to computer container without any error.The error only comes when the script use to move the object from computer container to another OU.

Does anyone know the fix for this ?

OS : Windows server 2008 R2

Domain and forest functional Level : Windows Server 2003